A month ago we heard of an attack on the EOSBet gambling app. That time, the hackers exploited a vulnerability in its smart contract to steal 44,000 EOS. Now, a month later, EOSBet has been hacked again. Reportedly, a bug in their smart tokens caused dApp an even bigger blow by stealing 65,000 EOS.

EOSBet Got Hacked Again Due To A Flaw

According to a recent Hard Fork report, the gambling app EOSBet was hacked again due to a flaw in their system. The hackers exploited the vulnerability to pilfer 65,000 EOS, worth around $338,000.

As reported recently, the hackers injected malicious code into EOS wallets. The code tricked the smart tokens of the dApp to credit their accounts wrongly with large amounts. By doing so, they successfully stole about 65,000 EOS worth around $388,000. As reported,

“In this case, the code activated EOSBets’ “transfer” function, tricking it into matching every EOS sent with equal amounts from its operational wallets.”

The suspected hacker account “ilovedice123” then transferred the EOS to another account that supposedly belongs to a major cryptocurrency exchange.

Vulnerability Patched

Soon after the discovery of the incident, EOSBet officially patched the flaw, as disclosed in their Mediumpost. They have also urged all users to patch this flaw accordingly.

Any contract relying on transfer notifications from eosio.token should add this check immediately: if (transfer.to != _self) return;

If you execute business logic on only incoming transfers, but reuse transfer action for both incoming and outgoing transfers, please use: if (transfer.from == _self || transfer.to != _self ) return;

The present event marks the second hacking incident for EOSBet gambling dApp. Last month, EOSBet lost around 44,000 EOS to hackers who exploited a vulnerability in the platform’s smart contract.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Related

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]